How Criminals Are Using AI And Exploiting It To Further CrimeJuly 11, 2019
AI can use the swarm technology of clusters of malware taking down multiple devices and victims. The AI applications have been used in robotic devices and drone technology too. Even Google’s reCAPTCHA according to the reports of “I am Robot” can be successfully hacked 98% of the time.
It is everyone’s fear that the AI tutorials, sources, and tools which are freely available in the public domain will be more prevalent in creating hack ware than for any gainful purpose.
Here are the broad areas where hackers operate which are briefly discussed.
1. Affecting the data sources of the AI System:
ML poisoning uses studying the ML process and exploiting the spotted vulnerabilities by poisoning the data pool used for MLS algorithmic learning by. Former Deputy CIO for the White House and Xerox’s CISO Dr. Alissa Johnson talking to SecurityWeek commented that the AI output is only as good as its data source.
Autonomous vehicles and image recognition using CNNs and the working of these require resources to train them through third-parties or on cloud platforms where cyberattacks evade validation testing and are hard to detect. Another technique called “perturbation” uses a misplaced pattern of white pixel noises that can lead the bot to identify objects wrongly.
2. Chatbot Cybercrimes:
Kaspersky reports on Twitter confirm that 65 percent of the people prefer to text rather than use the phone. The bots used for nearly every app serve as perfect conduits for hackers and cyber attacks. Ex: The 2016 attack on Facebook tricked 10,000 users where a bot presented as a friend get them to install malware. Chatbots used commercially do not support the https protocol or TLA. Assistants from Amazon and Google are in constant listen-mode endangering private conversations. These are just the tip of the iceberg of malpractices on the IoT.
AI-based chatbots can be used through ML tweaking to automate ransomware. They communicate with the targets for paying ransom easily and use the encrypted data to ensure the ransom amount is based on the bills generated.
The very process of creating malware is simplified from manual to automatic by AI. Now the Cybercriminals can use rootkits, write Trojan codes, use password scrapers, etc with ease.
5. Identity Theft and Fraud:
The generation of synthetic text, images, audio, etc of AI can easily be exploited by the hackers. Ex: “Deepfake” pornographic videos that have surfaced online.
6. Intelligence garnering vulnerabilities:
Revealing new developments in AI causes the hackers to scale up the time and efforts involved in hacking by providing them almost simultaneously to cyber malware that can easily identify targets, vulnerability intelligence, and spear such attacks through phishing.
7. Whaling and Phishing:
ML and AI together can increase the bulk phishing attacks as also the targeted whaling attacks on individuals within a company specifically. McAfee Labs’ 2017 predictions state ML can be used to harness stolen records to create specific phishing emails. ZeroFOX in 2016 established that when compared to the manual process if one uses AI a 30 to 60 percent increase can be got in phishing tweets.
8. Repeated Attacks:
The ‘noise floor’ levels are used by malware to force the targeted ML to recalibrate due to repeated false positives. Then the malware in it attacks the system using the AI of the ML algorithm with the new calibrations.
9. The exploitation of Cyberspace:
Automated AI tools can lie incubating inside the software and weaken the immunity systems keeping the cyberspace environment ready for attacks at will.
10. Distributed Denial-of-Service (DDoS) Attacks
Successful strains of malware like the Mirai malware are copycat versions of successful software using AI that can affect the ARC-based processors used by IoT devices. Ex: The Dyn Systems DNS servers were hacked into on 21st October 2016, and the DDoS attack affected several big websites like Spotify, Reddit, Twitter, Netflix, etc.
CEO and founder of Space X and Tesla Elon Musk commented that AI was susceptible to finding complex optimal solutions like the Mirai DDoS malware. Read with the Deloitte’s warning that DDoS attacks are expected to reach one Tbit/sec and Fortinet predictions that “hivenets” capable of acting and self-learning without the botnet herder’s instructions would peak in 2018 means that AI’s capabilities have an urgent need for being restricted to gainful applications and not for attacks by cyberhackers.
AI has the potential to be used by hackers and cybercriminals using evolved AI techniques. The field of Cybersecurity is dynamic and uses the very same AI developments providing the ill-intentioned knowledge on how to hack into it. Is AI defense the best solution then for defense against the AIs growth and popularity?
To learn all about AI, ML and cybersecurity try the courses at Imarticus Learning where they enable you to be career-ready in these fields.